CVE-2023-27410

2023-05-0913:15:16

CWE-122

[email protected]

web.nvd.nist.gov

scalance lpe9403

heap-based buffer overflow

denial of service

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service.

Affected configurations

Nvd

Node

siemensscalance_lpe9403_firmwareRange<2.1

AND

siemensscalance_lpe9403Match-

VendorProductVersionCPE
siemensscalance_lpe9403_firmware*cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*
siemensscalance_lpe9403-cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	scalance_lpe9403_firmware	*	cpe:2.3:o:siemens:scalance_lpe9403_firmware::::::::
siemens	scalance_lpe9403	-	cpe:2.3:h:siemens:scalance_lpe9403:-:::::::*